[Git][security-tracker-team/security-tracker][master] bullseye/buster triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jun 23 16:25:08 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
247caf1a by Moritz Muehlenhoff at 2022-06-23T17:23:28+02:00
bullseye/buster triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -100,9 +100,12 @@ CVE-2022-34301
RESERVED
CVE-2022-34300 (In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::D ...)
- tinyexr <unfixed>
+ [bullseye] - tinyexr <no-dsa> (Minor issue)
NOTE: https://github.com/syoyo/tinyexr/issues/167
CVE-2022-34299 (There is a heap-based buffer over-read in libdwarf 0.4.0. This issue i ...)
- dwarfutils <unfixed>
+ [bullseye] - dwarfutils <no-dsa> (Minor issue)
+ [buster] - dwarfutils <no-dsa> (Minor issue)
NOTE: https://github.com/davea42/libdwarf-code/commit/7ef09e1fc9ba07653dd078edb2408631c7969162
NOTE: https://github.com/davea42/libdwarf-code/issues/119
NOTE: https://www.prevanders.net/dwarfbug.html#DW202206-001
@@ -2937,11 +2940,10 @@ CVE-2022-33107
CVE-2022-33106
RESERVED
CVE-2022-33105 (Redis v7.0 was discovered to contain a memory leak via the component s ...)
- - redis 5:7.0.1-4
+ - redis <not-affected> (No vulnerable version 7.x was uploaded to unstable)
NOTE: https://github.com/redis/redis/commit/4a7a4e42db8ff757cdf3f4a824f66426036034ef (7.0.1)
NOTE: https://github.com/redis/redis/pull/10753
NOTE: https://github.com/redis/redis/pull/10829
- TODO: check, if it affects only the v7.0 series, if so there was never an affected version in Debian unstable
CVE-2022-33104
RESERVED
CVE-2022-33103
@@ -3018,6 +3020,8 @@ CVE-2022-33069 (Ethereum Solidity v0.8.14 contains an assertion failure via SMTE
TODO: check
CVE-2022-33068 (An integer overflow in the component hb-ot-shape-fallback.cc of Harfbu ...)
- harfbuzz <unfixed>
+ [bullseye] - harfbuzz <no-dsa> (Minor issue)
+ [buster] - harfbuzz <no-dsa> (Minor issue)
NOTE: https://github.com/harfbuzz/harfbuzz/issues/3557
NOTE: https://github.com/harfbuzz/harfbuzz/commit/62e803b36173fd096d7ad460dd1d1db9be542593
CVE-2022-33067 (Lrzip v0.651 was discovered to contain multiple invalid arithmetic shi ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/247caf1a09229e860ddc6f7e841e848553050d74
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/247caf1a09229e860ddc6f7e841e848553050d74
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220623/50e0f161/attachment.htm>
More information about the debian-security-tracker-commits
mailing list